question

dimitarz avatar image
dimitarz asked madalyn commented

Can't sideload my locally built APK due to signature change?

Hello, I've built my APK following the guide here: https://docs.clover.com/clover-platform/docs/worki...

I created a sandbox account, created an app and uploaded my release signed APK. I then clicked on Preview in App Market, and installed the APK on my test merchant account (also sandbox). On my station-2018 emulator running sandbox apks, I get the App Update notification and install the app I just uploaded. SO FAR SO GOOD! Now, I make a change to the APK and try installing it (the release version):

adb: failed to install app/build/outputs/apk/release/app-release.apk: Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE: Package com.test.test signatures do not match the previously installed version; ignoring!]

Turns out, the APK I uploaded is re-signed. I verified that by checking the certificates of the one I uploaded and the one that's downloaded.

My APK now has two certs (CLOVER.RSA, the new one and mine, CERT.RSA)
cert=META-INF/CLOVER.RSA META-INF/CERT.RSA
Owner: CN=Jeffrey Blattman, OU=Clover Network Inc., O=Clover Network Inc., L=Mountain View, ST=CA, C=US

How am I supposed to side-load updated versions if the cert is changed? The guide states that this shouldn't happen, so what's going on here??

The guide states:
Before you can sideload your app onto your device for testing, you must upload your APK to the Clover App Market, then download it onto your device. You will only need to do this once. Afterward, you'll be able to sideload new versions of your app onto the device directly.
SandboxEmulator
4 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

madalyn avatar image madalyn commented ·

Can someone answer this? I am having the same issue.

I have two apps, both signed with the same Cert. I need to use signature-protectionLevel android permissions to communicate between the two apps. However, because the Cert gets changed, Android thinks the APK of the second app is corrupt and won't install it.

Is this a bug in Clover?

0 Likes 0 ·
Dan avatar image Dan madalyn commented ·

Are both apps on the market? I'm not sure but it sounds to me like what you are trying to do would not be supported on Clover.

0 Likes 0 ·
madalyn avatar image madalyn Dan commented ·

Hi Dan,

This should absolutely be supported by Clover, as they indicate here that the only way to have multiple Custom Tenders is to have MULTIPLE apps.
https://community.clover.com/questions/14205/can-a-merchanta-app-have-more-than-one-custom-tend.html?sort=votes

I am testing in sandbox. Both apks are uploaded to my developer (sandbox) dashboard.

0 Likes 0 ·
Jacob Abrams avatar image Jacob Abrams ♦♦ madalyn commented ·

This comment is unrelated to your installation issue (see my other answer)... but I highly recommend you not to define your own custom android permissions. Please read this to see why: https://docs.google.com/document/d/1ADUD6jecV85_L6v7T-zsaP9Hw7C-1__f5dsCeWYA3Tc/edit?usp=sharing

0 Likes 0 ·
Jacob Abrams avatar image
Jacob Abrams answered madalyn commented

The current instructions at https://docs.clover.com/clover-platform/docs/testing-apks regarding devkit sideloading seem incorrect.

This article correctly explains how to sideload an APK on sandbox: https://community.clover.com/articles/10448/how-to-sideload-an-apk-onto-clover-devices-for-dev.html

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

madalyn avatar image madalyn commented ·

Thank you so much for linking this. This explains, from the Clover developers, what is going on here.

0 Likes 0 ·
greg avatar image
greg answered madalyn commented

I don't know about the case with 2 apps, but for one app, after downloading from the clover server, proceed as follows:

  • uninstall app from devkit using adb
  • run app on Android Studio so it installs the app on the devkit
  • go to "more tools" app and click on sync to update the permissions for the app (they are downloaded from sandbox env)


If you do this after each other for both of your apps, it might help.

3 comments
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

madalyn avatar image madalyn commented ·

Unfortunately, this issue has nothing to do with Clover permissions, it is an Android apk Certificate issue.


Can you advise what Clover is doing to change the signing of our apks, and if this is a bug with Clover?

0 Likes 0 ·
greg avatar image greg madalyn commented ·

As far as I know Clover is somehow extending your signature with their own signature. The workflow I posted is the one that works for me, never had any certificate issues with it.

0 Likes 0 ·
madalyn avatar image madalyn greg commented ·

As you said, you are only testing with one app, not two, which is exactly why I am having this issue.

The apps need to be signed by the same certificate (which they are) to use shared custom permissions defined in both app Manifests (see: https://developer.android.com/guide/topics/manifest/permission-element)

When Clover modifies the signature of each of my apks separately, they can no longer use this functionality, because, to Android, the certificate is no longer the same between the two.

This causes Android to block the installation of the second app, unless I remove the custom permissions.

It is very common to have multiple apps developed by a company that share a signing certificate and custom permissions among their apps.

By changing the same Certificate in different ways on both apps, Clover is blocking the use of this functionality.

Why is it necessary for Clover to change the apk's signature?

0 Likes 0 ·

Welcome to the
Clover Developer Community